Privacy policy
Step by Step operates this store and website, including all related information, content, features, tools, products and services, in order to provide you, as our customer, with an appropriate shopping experience (the “Services”). Step by Step is powered by Shopify, which enables us to provide the Services to you. This Privacy Policy describes how we collect, use and disclose your personal data when you visit, use, make a purchase or carry out any other transaction through the Services, or when you communicate with us. In the event of any conflict between our Terms and Conditions of Service and this Privacy Policy, this Privacy Policy shall prevail with respect to the collection, processing and disclosure of your personal data.
Please read this Privacy Policy carefully. By using and accessing the Services, you confirm that you have read this Privacy Policy and understood what is described herein regarding the collection, use and disclosure of your information.
Personal data we collect or process
When we use the term “personal data”, we refer to information that identifies you or is reasonably linked to you or another person. Personal data does not include information collected anonymously or anonymised in such a way that it cannot identify you or be linked to you. We may collect or process the following categories of personal data, including inferences drawn from such personal data, depending on your interaction with the Services, where you live, and as permitted or required by applicable laws:
Contact details, including name, address, billing address, shipping address, telephone number and email address.
Financial data, including credit card, debit card and financial account numbers, card payment data, financial account data, transaction details, payment method, payment confirmation and other payment details.
Account data, including username, password, security questions, preferences and settings.
Transaction data, including the items you view, add to your cart, add to your wishlist or purchase, return, exchange or remove, and past transactions.
Communications with us, including the information you include in your communications with us, for example if you submit a dispute to customer support.
Device information, including information about your device, browser or network connection, IP address and other unique identifiers.
Usage information, including information about your interaction with the Services, as well as how and when you interact with or browse the Services.
Sources of personal data
We may collect personal data from the following sources:
Directly from you, including when you create an account, visit or use the Services, communicate with us or provide us with your personal data;
Automatically through the Services, including through your device when you use our products or services or visit our websites, and through the use of cookies and similar technologies;
From our service providers, including when we engage them to implement certain technology and when they collect or process your personal data on our behalf;
From our partners or from third parties.
How we use your personal data
Depending on how you interact with us or which Services you use, we may collect your personal data for the following purposes:
Providing, personalising and improving the Services. We use your personal data to provide you with the Services, as well as to perform our contract with you; process your payments; fulfil your orders; remember your preferences and the items you are interested in; send you account-related notifications; process purchases, returns, exchanges or other transactions; create, maintain and manage your account; arrange shipping; facilitate returns and exchanges; allow you to post reviews; and create a personalised shopping experience, for example by recommending products related to your purchases. This may include using your personal data to personalise and improve the Services.
Marketing and advertising. We use your personal data for marketing and advertising purposes, for example to send you marketing, advertising and promotional communications by email, text message or post, and to show you online advertisements for products and services within our Services or on other websites, including based on items you have previously purchased or added to your cart and other activity within the Services.
Security and fraud prevention. We use your personal data to authenticate your account; provide a secure payment and shopping experience; detect, investigate or take action against any fraudulent, illegal, unsafe or harmful activity; and protect public safety and our Services. By choosing to use the Services and register an account, you are responsible for protecting your credentials. We recommend that you do not share your username, password or other access details with anyone.
Communicating with you. We use your personal data to provide you with customer support; respond to you; offer you effective services; and maintain our business relationship with you.
Legal reasons. We use your personal data in accordance with applicable laws or in response to valid legal processes, including requests from authorities or government agencies; to investigate or participate in testimony, potential or ongoing litigation, or other legal proceedings; and to enforce or investigate potential violations of our terms or policies.
How we disclose personal data
In certain circumstances, we may disclose your personal data to third parties for legitimate purposes subject to this Privacy Policy. Such circumstances may include:
With Shopify, vendors and other third parties who provide services on our behalf, such as IT management, payment processing, data analytics, customer support, storage, fulfilment and shipping.
With business and marketing partners to provide you with services and marketing advertisements. For example, we use Shopify to offer personalised advertisements through third-party services based on your online activity with different merchants and websites. Our business and marketing partners will use your data in accordance with their own privacy policies. Depending on where you reside, you may have the right to ask us not to share your data in order to show you personalised advertisements and marketing based on your online activity with different merchants and websites.
When you ask us or authorise us to disclose certain information to third parties, for example to ship your products, or when you use social media widgets or login integrations.
With our affiliates or within our corporate group.
In connection with a business transaction such as a merger or bankruptcy; in compliance with any legal obligations, including responding to subpoenas, search warrants and similar requests; to enforce terms and conditions of service or policies; and to protect or defend the Services, our rights and the rights of our users or other individuals.
Relationship with Shopify
The Services are powered by Shopify, which collects and processes personal data relating to your access to and use of the Services in order to provide and improve the Services for you. In order to provide and improve the Services for you, the data you submit to the Services will be transmitted and shared with Shopify and with third parties that may be located in countries other than your own. In addition, to help protect, grow and improve your business, we use certain advanced Shopify features that incorporate the data and information received from you through your interactions with our store, as well as with other merchants and with Shopify. To provide such advanced features, Shopify may use personal data collected from your interactions with our store, as well as with other merchants and with Shopify itself. In these circumstances, Shopify is responsible for processing your personal data, including responding to your requests to exercise your rights in relation to Shopify’s use of your personal data for these purposes. For more information about how Shopify uses your personal data and the rights you may have, you can consult Shopify’s Consumer Privacy Policy. Depending on where you reside, you may exercise certain rights relating to your personal data here: Shopify Privacy Portal link.
Third-party websites and links
The Services may contain links to websites or other online platforms operated by third parties. If you open links to websites that are not affiliated with or controlled by us, you may need to review and accept their privacy and security policies and other terms and conditions. We do not guarantee and are not responsible for the privacy or security of such websites, nor for the accuracy, truthfulness or reliability of the information they contain. Information you provide in public or semi-public contexts, including information you share on third-party social platforms, may also be visible to other users of the Services and/or users of those third-party platforms, without restriction as to its use by us or by third parties. The inclusion of such links does not imply any endorsement by us of the content of those platforms or of their owners or operators, except as disclosed in the Services.
Children’s data
The Services are not intended for use by minors and we do not knowingly collect personal data from children under the age of majority in your jurisdiction. If you are the parent or guardian of a minor who has provided us with their personal data, you may contact us using the contact details below to request its deletion. As of the effective date of this Privacy Policy, we are not aware of any “sharing” or “sale” — as those terms are defined under applicable laws — of personal data of individuals under the age of 16.
Security and retention of data
Please note that no security measure is perfect or impenetrable and that we cannot guarantee “absolute security”. In addition, the data you send to us may not be secure during transmission. We recommend that you use only secure channels to communicate sensitive or confidential information to us.
The length of time for which we retain personal data depends on several factors, such as whether we need such data to maintain your account, provide you with the Services, comply with legal obligations, resolve disputes or enforce other agreements and policies.
Your rights and choices
Depending on where you reside, you may have one or more rights in relation to your personal data, including those listed below. However, these rights are not absolute and may apply only in certain circumstances, and we may refuse your request to the extent permitted by law.
Right of access/knowledge. You may have the right to request access to the personal data we hold about you.
Right to deletion. You may have the right to request the deletion of the personal data we hold about you.
Right to correction. You may have the right to request the correction of the personal data we hold about you.
Right to portability. You may have the right to receive a copy of the personal data we hold about you and to ask us to transfer it to a third party, in certain circumstances and subject to certain exceptions.
Managing communication preferences. We may send you promotional emails, and you may opt out of receiving them at any time by using the unsubscribe option included in our emails. If you opt out, we may still send you non-promotional emails, such as those relating to your account or orders you have placed.
If you reside in the United Kingdom or the European Economic Area, and subject to the restrictions and limitations imposed by local laws, you may exercise the following rights in addition to those mentioned above:
Objection to processing and restriction of processing: You may have the right to ask us to stop or restrict the processing of personal data for certain purposes.
Withdrawal of consent: Where your consent is required to process your personal data, you have the right to withdraw it. If you withdraw such consent, this will not affect the lawfulness of processing based on your consent before its withdrawal.
You may exercise any of these rights where indicated in the Services or by contacting us using the contact details below. For more information about how Shopify uses your personal data and the rights you may have, including rights relating to data processed by Shopify itself, you can visit https://privacy.shopify.com/en.
You will not be discriminated against for exercising these rights. Before processing your requests, we may need to verify your identity, within the limits permitted by applicable laws. In accordance with applicable laws, you may appoint an authorised agent to make requests on your behalf in order to exercise your rights. Before accepting a request from an agent, we will ask the agent to provide proof that they have been authorised by you, and we may ask you to verify your identity directly. We will respond to your request within the reasonable timeframes required by applicable laws.
Complaints
If you have complaints about how we process your personal data, please contact us using the contact details below. Depending on where you reside, you may have the right to appeal our decision by contacting us using the contact details below, or to refer your complaint to your local data protection authority. For the EEA, you can find a list of the responsible data protection supervisory authorities here.
International transfers
Please note that we may transfer, store and process your personal data outside the country in which you reside.
If we transfer your personal data outside the European Economic Area or the United Kingdom, we will rely on recognised transfer mechanisms, such as the European Commission’s Standard Contractual Clauses, or equivalent agreements issued by the competent authorities of the United Kingdom, unless the data transfer is to a country deemed to provide an adequate level of protection.
Changes to this Privacy Policy
We will update this Privacy Policy from time to time, including to reflect changes to our practices or for other operational, legal or regulatory purposes. We will publish the updated Privacy Policy on the website, update the “Last updated” date and issue a notice as required by applicable law.
Contact
If you have any questions about our privacy policies or this Privacy Policy, or if you wish to exercise any of the rights available to you, please call us at [telephone number], email us at info@stepbystep-store.com or contact us at Via Augusto Anfossi 13, Milan, MI, 20135, IT. For the purposes of applicable data protection laws, we are the data controller of your personal data.